[clug] Lists of attack URL / simple attack signatures...
Red Phoenix
intersect at gmail.com
Thu Aug 25 04:43:41 GMT 2005
The nikto scan database might help you a little - it's taken over from
'whisker' as the prime vulnerability scanner for web stuff:
http://www.cirt.net/nikto/UPDATES/1.35/scan_database.db
It probably wouldn't be too horrible to write a brute force scanner of
your web logs using perl, something like 'strstr' & perl arrays...
eg: (excuse the pseudo code)
    open DB "blah.db";
    while($line=<DB>) {
        $match[]=split on the ", grab the second column
    }
    while($line = <STDIN>) {
        foreach(@match as $item) {
            # look for the signature ($item) inside the log line ($line)
            if(strstr($line, $item)) {
                print "match: $item - $line\n";
                break;
            }
        }
    }
As I mentioned.. pseudo-code only (eg: perl doesn't actually have
strstr, from memory), and it would take a fair while to run through
each log... but might help a bit.
Regards,
Leigh.
On 8/25/05, Antony Wuth <foobie at gmail.com> wrote:
> Hi all,
>
> I was wondering if anyone has a list of relatively up to date attack URLs /
> signatures (or knows of where one is maintained). At this stage I am looking
> at running through my Apache logs and at least getting a handle on how many
> potential attacks appear before working out if it's worth the effort to try
> more comprehensive / painful logging / traffic monitoring type activities.
>
> Thanks
> Antony.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
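Added example, not part of the original post or of nikto: a runnable Perl version of the brute-force scan sketched in the pseudo-code above, using index() where the sketch says strstr. The database rows and log lines are constructed samples, the column layout is assumed from the post's "second column", and load_signatures, scan_log and the minimum signature length of 4 are hypothetical names and values.

```perl
use strict; use warnings;

# Constructed sample rows in the quoted, comma-separated layout the post
# describes (second column = URL to look for). Not taken from the nikto file.
my @db_lines = (
    '# constructed comment line',
    '"generic","/","200","GET","Constructed: too short to be useful"',
    '"generic","/cgi-bin/test-cgi","200","GET","Constructed sample entry"',
    '"generic","/scripts/example.exe","200","GET","Constructed sample entry"',
);
# Constructed Apache access-log lines.
my @log_lines = (
    '192.0.2.10 - - [25/Aug/2005:04:40:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.77 - - [25/Aug/2005:04:41:13 +0000] "GET /cgi-bin/test-cgi?x HTTP/1.0" 404 290',
    '192.0.2.77 - - [25/Aug/2005:04:41:14 +0000] "GET /SCRIPTS/example.exe HTTP/1.0" 404 290',
);

# Pull the second quoted column out of each row; skip comments, blank lines
# and signatures so short that they would match every request.
sub load_signatures {
    my ($min_len, @rows) = @_;
    my %seen;
    for my $row (@rows) {
        next if $row =~ /^\s*(#|$)/;
        my @col = $row =~ /"([^"]*)"/g;
        next unless @col >= 2 && length($col[1]) >= $min_len;
        $seen{ lc $col[1] } = 1;          # de-duplicate, compare lowercased
    }
    return sort keys %seen;
}

# Return [signature, log line] for the first signature found in each request
# URL (not the referer or user agent). index() is Perl's substring search.
sub scan_log {
    my ($sigs, @lines) = @_;
    my @hits;
    LINE: for my $line (@lines) {
        my ($url) = $line =~ /"[A-Z]+ (\S+)/ or next;
        for my $sig (@$sigs) {
            if (index(lc $url, $sig) >= 0) {
                push @hits, [$sig, $line];
                next LINE;                # one report per log line
            }
        }
    }
    return @hits;
}

my @sigs = load_signatures(4, @db_lines);
printf "match: %s - %s\n", @$_ for scan_log(\@sigs, @log_lines);
```

To scan a real log, fill @db_lines from the database file and @log_lines from <STDIN>; a hit only means the URL was requested, so check the status code in the log line before counting it as anything more than a probe.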